6.9
CVE-2025-5575 - PHPGurukul Dairy Farm Shop Management System add-product.php sql injection
A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-product.php. The manipulation of the argument productname leads to sql injection. The attack can be initiated remotely. The exploit has beenβ¦
6.9
CVE-2025-5574 - PHPGurukul Dairy Farm Shop Management System add-company.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-company.php. The manipulation of the argument companyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has β¦
5.3
CVE-2025-5573 - D-Link DCS-932L setSystemWizard setSystemControl os command injection
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. Theβ¦
8.7
CVE-2025-5572 - D-Link DCS-932L setSystemEmail stack-based overflow
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched reβ¦
4.3
CVE-2025-4580 - File Provider <= 1.2.3 - Item Deletion via CSRF
The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
9.8
CVE-2025-4578 - File Provider <= 1.2.3 - Unauthenticated SQLi
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
4.1
CVE-2025-48710 -
kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in β¦
5.3
CVE-2025-5571 - D-Link DCS-932L setSystemAdmin os command injection
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been dβ¦
5.3
CVE-2025-5569 - IdeaCMS getList.html Goods sql injection
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is aβ¦
5.3
CVE-2025-5566 - PHPGurukul Notice Board System search-notice.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been discloseβ¦